Hello guys,
Have you ever had a use case where it was necessary to use a multivalued field to perform an account correlation? If so, how did you do it?
To give more context, we have a source (Azure Active Directory), and within a Service Principal account there is an attribute called “tags”, which is a multivalued field. There is a value within this list of values that will be used to perform the correlation with the identity. I understand that the only option would be to create a Correlation Rule and perform the processing within the rule, correct?
How many times are you making Service Principal accounts?
Sounds more like a scheduled task and manually correlating the AD account, to me.
We have done this and had to use a cloud rule to accomplish it. See an example below that you could use as a starting point.
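```java
import sailpoint.tools.Util;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

Map returnMap = new HashMap();
String orgEmail = null;

// Attribute value as a string; null when the account has no value for it
String email = account.getStringAttribute("organizationVerifiedDomainEmails");

// Matches each e-mail address in the string ("\\." is a literal dot)
String regex = "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}";
Pattern pattern = Pattern.compile(regex);

if (email != null) {
    Matcher matcher = pattern.matcher(email);
    int count = 0;
    // Check at most 30 addresses
    while (matcher.find() && count < 30) {
        if (matcher.group().toLowerCase().contains("@test.com")) {
            // First address in the expected domain is the correlation value
            orgEmail = matcher.group();
            break;
        } else {
            orgEmail = "[email protected]";
        }
        count++;
    }
}

// Correlate the account on the identity attribute "email"
returnMap.put("identityAttributeName", "email");
returnMap.put("identityAttributeValue", orgEmail);
return returnMap;
```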
In my scenario, I can’t pass a mocked value like in your case (“@test.com”), I need to validate it with the value of an attribute of the identity.
In other words, the “tags” field that will come from the Azure account is a multivalued field. I need to pass each of the values within this field and validate it against an attribute of the identity. If it is the same, the account and the matching identity should be linked.